]> gitweb.fperrin.net Git - Dictionary.git/blobdiff - src/com/hughes/android/dictionary/DictionaryManagerActivity.java
Fix some code inspection warnings.
index 8cbcb537a2dd955b1edf849d8e741701986d3801..265059ee108e9ff951743fa88b177b8162063269 100644 (file)
@@ -83,6 +83,7 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.regex.Pattern;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 
@@ -223,15 +224,24 @@ public class DictionaryManagerActivity extends AppCompatActivity {
                 }
             }
             zipFile = new ZipInputStream(new BufferedInputStream(zipFileStream));
-            final ZipEntry zipEntry = zipFile.getNextEntry();
-            Log.d(LOG, "Unzipping entry: " + zipEntry.getName());
-            File targetFile = new File(application.getDictDir(), zipEntry.getName());
-            if (targetFile.exists()) {
-                targetFile.renameTo(new File(targetFile.getAbsolutePath().replace(".quickdic", ".bak.quickdic")));
-                targetFile = new File(application.getDictDir(), zipEntry.getName());
+            ZipEntry zipEntry;
+            while ((zipEntry = zipFile.getNextEntry()) != null) {
+                // Note: this check prevents security issues like accidental path
+                // traversal, which unfortunately ZipInputStream has no protection against.
+                // So take extra care when changing it.
+                if (!Pattern.matches("[-A-Za-z]+\\.quickdic", zipEntry.getName())) {
+                    Log.w(LOG, "Invalid zip entry: " + zipEntry.getName());
+                    continue;
+                }
+                Log.d(LOG, "Unzipping entry: " + zipEntry.getName());
+                File targetFile = new File(application.getDictDir(), zipEntry.getName());
+                if (targetFile.exists()) {
+                    targetFile.renameTo(new File(targetFile.getAbsolutePath().replace(".quickdic", ".bak.quickdic")));
+                    targetFile = new File(application.getDictDir(), zipEntry.getName());
+                }
+                zipOut = new FileOutputStream(targetFile);
+                copyStream(zipFile, zipOut);
             }
-            zipOut = new FileOutputStream(targetFile);
-            copyStream(zipFile, zipOut);
             application.backgroundUpdateDictionaries(dictionaryUpdater);
             if (!isFinishing())
                 Toast.makeText(context, getString(R.string.installationFinished, dest),
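Review bot: Inside the new `while` loop `zipOut` is reassigned for every entry, but only the `finally` block shown in the next hunk closes it, so with more than one accepted entry every stream except the last stays open until garbage collection. Closing per entry would fix that, e.g. `try { copyStream(zipFile, zipOut); } finally { zipOut.close(); }`, assuming `copyStream` (not shown here) does not close its arguments. The name allow-list is a full match, so it keeps separators and `..` out of `targetFile`, but nothing bounds the decompressed size or the number of entries; a cap in the copy step is worth considering if the archive can come from a download. If every entry is skipped, the code still falls through to the `installationFinished` toast; tracking whether at least one entry was written would let it report the failure instead. The enclosing method begins and ends outside this hunk.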
@@ -248,14 +258,15 @@ public class DictionaryManagerActivity extends AppCompatActivity {
         } finally {
             try {
                 if (zipOut != null) zipOut.close();
-            } catch (IOException e) {}
+            } catch (IOException ignored) {}
             try {
                 if (zipFile != null) zipFile.close();
-            } catch (IOException e) {}
+            } catch (IOException ignored) {}
             try {
                 if (zipFileStream != null) zipFileStream.close();
-            } catch (IOException e) {}
-            if (localZipFile != null && delete) localZipFile.delete();
+            } catch (IOException ignored) {}
+            if (localZipFile != null && delete) //noinspection ResultOfMethodCallIgnored
+                localZipFile.delete();
         }
         return result;
     }
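Review bot: The `//noinspection ResultOfMethodCallIgnored` comment sits on the `if` line with an unbraced body below it, which is easy to misread and hides a failed delete of the downloaded archive. Checking the result reads more plainly and leaves a trace: `if (localZipFile != null && delete && !localZipFile.delete()) Log.w(LOG, "Could not delete " + localZipFile);`. The three `catch (IOException ignored) {}` blocks would benefit from a short comment saying that closing is best-effort at this point. The method starts outside this hunk.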
@@ -829,6 +840,14 @@ public class DictionaryManagerActivity extends AppCompatActivity {
 
         DownloadManager downloadManager = (DownloadManager) getSystemService(DOWNLOAD_SERVICE);
 
+        if (downloadManager == null) {
+            String msg = getString(R.string.downloadManagerQueryFailed);
+            new AlertDialog.Builder(DictionaryManagerActivity.this).setTitle(getString(R.string.error))
+                    .setMessage(getString(R.string.downloadFailed, msg))
+                    .setNeutralButton("Close", null).show();
+            return;
+        }
+
         try {
             downloadManager.enqueue(request);
         } catch (SecurityException e) {
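Review bot: The button label in `.setNeutralButton("Close", null)` is a hard-coded English literal, while the title and message next to it come from `getString(...)`. Using a resource keeps the dialog translatable, e.g. `.setNeutralButton(android.R.string.ok, null)` or a string from the app's own resources. The message also reuses `R.string.downloadManagerQueryFailed` for a missing service; whether that wording fits this case cannot be judged from the hunk. The enclosing method starts and ends outside this hunk.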